Successful Compliance Programs

Some resources deserve a place at the top of the pile when it comes to guidance on creating and maintaining successful compliance programs. A recent National Defense Magazine “Ethics Corner” article listed three of them (Krebel, 2017).

The first one mentioned is the 2012 Resource Guide to the U.S. Foreign Corrupt Practices Act, the second is the “Effective Compliance and Ethics Programs” section of the United States Sentencing Commission Guidelines Manual, and the third is ISO 37001, which covers anti-bribery management systems.

All three provide some level of guidance and explanation for the criteria they emphasize; all three call for similar measures, as summarized in the following table.

| A Resource Guide to the U.S. Foreign Corrupt Practices Act | United States Sentencing Commission Guidelines | ISO 37001, Anti-bribery Management Systems |
| --- | --- | --- |
| Commitment from senior management and a clear policy against corruption | Ensure that the company’s governing authority (the board; top management; high-level personnel) exercises reasonable oversight of those standards and procedures | Top management leadership, commitment and responsibility |
| Code of conduct and compliance policies and procedures | Establish standards and procedures to prevent and detect criminal conduct | An anti-bribery policy and procedures |
| Oversight, autonomy, and resources | | Oversight by a compliance manager or function |
| Risk assessment | Make reasonable efforts to assess individuals in key positions whom organizations knew or should have known have engaged in illegal activities | Risk assessments and due diligence on projects and business associates |
| Training and continuing advice | Communicate standards and procedures by training directors, employees and, as appropriate, agents, and by other means | Anti-bribery training |
| Incentives and disciplinary measures | Promote and consistently enforce the program through appropriate incentives and appropriate discipline | |
| Third-party due diligence and payments | | Financial, procurement, commercial and contractual controls |
| Confidential reporting and internal investigation | Monitor and audit the program to detect criminal conduct, evaluate the program periodically, and have and publicize a system for reporting suspected violations and seeking guidance | Reporting, monitoring, investigation, and review |
| Continuous improvement: periodic testing and review | After criminal conduct is detected, take reasonable steps to respond appropriately and prevent further similar criminal conduct, including necessary modifications to the ethics and compliance program | Reporting, monitoring, investigation, and review |
| | In general, promote ethical conduct and an organizational culture that encourages a commitment to compliance with the law | |

Regardless of the size of your organization, all three of these documents should be considered “go-to” resources to be used for creating, evaluating, and sustaining effective ethics and compliance programs. If your copies are dog-eared, you are using them well.

Ethical Advocate provides comprehensive ethics and compliance solutions, including confidential and anonymous hotlines and training on fraud awareness, business ethics, harassment and discrimination, the Foreign Corrupt Practices Act, and more.


International Organization for Standardization. “ISO 37001 Anti-bribery Management Systems Standard,” (PowerPoint presentation), 2015. See also “ISO Publishes Powerful New Tool to Combat Bribery,” October 2016,

Krebel, Katherine. “Creating an Anti-Corruption Program.” National Defense Magazine, April 2017.

U.S. Department of Justice and U.S. Securities and Exchange Commission. A Resource Guide to the U.S. Foreign Corrupt Practices Act, November 2012.